accounts: use "evobsd_internal_group" for SSH authentication
parent
ad025bf507
commit
f0ecc79696
|
@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
### Changed
|
||||
|
||||
- accounts: use "evobsd_internal_group" for SSH authentication
|
||||
|
||||
### Fixed
|
||||
|
||||
### Removed
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
---
|
||||
- name: "Create {{ evobsd_internal_group }} group"
|
||||
group:
|
||||
name: "{{ evobsd_internal_group }}"
|
||||
system: true
|
||||
|
||||
- name: "Create {{ evobsd_ssh_group }} group"
|
||||
group:
|
||||
name: "{{ evobsd_ssh_group }}"
|
||||
|
@ -69,7 +74,7 @@
|
|||
block: |
|
||||
Match Address {{ evolix_trusted_ips | join(',') }}
|
||||
PasswordAuthentication yes
|
||||
Match Group {{ evobsd_ssh_group }}
|
||||
Match Group {{ evobsd_internal_group }}
|
||||
PasswordAuthentication no
|
||||
insertafter: EOF
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
|
|
|
@ -38,6 +38,14 @@
|
|||
tags:
|
||||
- admin
|
||||
|
||||
- name: "Add {{ user.name }} to {{ evobsd_internal_group }} group"
|
||||
user:
|
||||
name: "{{ user.name }}"
|
||||
groups: "{{ evobsd_internal_group }}"
|
||||
append: true
|
||||
tags:
|
||||
- admin
|
||||
|
||||
- name: "Add {{ user.name }} to {{ evobsd_ssh_group }} group"
|
||||
user:
|
||||
name: "{{ user.name }}"
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
# evomaintenance_urgency_from: mama.doe@example.com
|
||||
# evomaintenance_urgency_tel: "06.00.00.00.00"
|
||||
#
|
||||
# evobsd_internal_group: "foo"
|
||||
# evobsd_ssh_group: "foo-ssh"
|
||||
# evobsd_sudo_group: "foo-sudo"
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue